Also can we do anything with ssh-rsa? It uses both SHA-1 and deprecated PKCS#1 padding. If it's used to sign certificates, there's no additional protection of SHA-2 hashing before SHA-1 signature, it just signs the raw certificate. On Sat, Jan 19, 2019 at 11:32 PM Yegor Ievlev <koops1997@xxxxxxxxx> wrote: > > I'm not sure if collision resistance is required for DH key > derivation, but generally, SHA-1 is on its way out. If it's possible > (if there's not a very large percentage of servers that do not support > anything newer), it should be disabled. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev